Fixed CVE-2021-28658 -- Fixed potential directory-traversal via uploaded files.

Thanks Claude Paroz for the initial patch. Thanks Dennis Brinkrolf for the report.
2025-11-25 05:04:26 +00:00 · 2021-03-16 10:19:00 +01:00 · 2021-03-16 10:19:00 +01:00 · d4d800ca1a
commit d4d800ca1a
parent 78fea27f69
9 changed files with 159 additions and 23 deletions
--- a/tests/file_uploads/urls.py
+++ b/tests/file_uploads/urls.py
@ -4,6 +4,7 @@ from . import views

 urlpatterns = [
    path('upload/', views.file_upload_view),
+    path('upload_traversal/', views.file_upload_traversal_view),
    path('verify/', views.file_upload_view_verify),
    path('unicode_name/', views.file_upload_unicode_name),
    path('echo/', views.file_upload_echo),